In computing, the term “patch” is commonly used to refer to an update designed to change a previous version of a computer program. Patches are commonly used to apply fixes to software insecurities and bugs. A typical manufacturer of a computer program periodically releases patches, and persons responsible for maintaining computer systems, such as a user or an administrator of a computer system, receive and install the patches in their respective computing systems.
However, the installation of a computer program patch can be nontrivial and fraught with potential problems. For example, an installed patch may be found to be defective, or it may interfere or conflict with other computer programs running on a computer, cause one of more computer programs to malfunction, or function improperly for a particular computing architecture. Moreover, remediation after installation of a patch, such as may be desired when installation of the patch has introduced problems into a computer system, can be very difficult and time consuming. In certain situations, a base version of a computer program may have to be uninstalled and then installed again in order to remove the effects introduced by an offending patch.
The problems associated with software patching are exacerbated for an administrator or organization maintaining a computer system having a large number of computers. In such an environment, uninstalling a patch can be extremely difficult. In certain situations in which an installed patch has caused problems, an administrator and his or her team may be forced to dedicate significant amounts of time inspecting files and registries of individual computers in the system and/or reinstalling computer programs to the computers in order to try to identify and repair problems caused by the patch.
Because of the potential problems and the magnitude of these problems associated with traditional installation of software patches, a common practice is for an administrator and his or her team to conduct “trial run” installations of a patch on dedicated “test computers”—computers that have been configured to mimic or otherwise represent computers on an actual network—and to first verify successful installation and operation on the test computers before installing the patch to computers on the actual network. This approach requires significant time and resources, including dedicated computing equipment, software licenses, and human labor. Nevertheless, organizations continue to use this approach because of the limitations of conventional software patching technologies and the potential costs associated with unsuccessful patch installations using standard technologies.